Blowfish support in crypt() (glibc) ?

Miguel Bazdresch lfs-01 at thewizardstower.org
Tue Jun 8 05:01:16 PDT 2004


* Robert Connolly <robert at linuxfromscratch.org> [2004-06-08 11:30]:
> On June 7, 2004 10:05 am, Bennett Todd wrote:
> > What's the problem with MD5 in passwd?
> 
> "The problem of attacking MD5 is no longer a theoretical matter - it is a 
> business proposition."
> http://www.md5crk.com/
> 

As far as I can see they're trying to find a collision in MD5, and
haven't found it yet, so it's still speculation.

Also, this doesn't address the use of MD5 in passwd, only on digital
certificates. It's not the same problem, because if an attacker has
access to your shadow file, you're screwed anyway. Or am I wrong?

-- 
Miguel Bazdresch
http://thewizardstower.org/



More information about the hlfs-dev mailing list